Group: JavaScript Developers Task-Force/Reddit JavaScript Analysis

NOTE: The formatting looks wrong on this page because it is written in markdown to comply with the FSF's internal publication workflow. Please keep it like this. It makes sense if you view the source of the page in the editing interface.

1. General Information

You can download Closure Compiler from:

<http://dl.google.com/closure-compiler/compiler-latest.zip>

To run Closure Compiler on some source file foo.js:

   java -jar compiler.jar foo.js

- Minified using Closure Compiler

   - See r2/r2/lib/js.py

1. Changes that need to be made for reddit's essential functions to work with LibreJS enabled
   1. Comments Page, et. al.
      1. reddit-init.en.js

• REMOVED FROM THIS SECTION*
• The outer try/catch is added by r2/r2/lib/js.py:425

  * Its license is irrelevant because the JavaScript is trivial

• lib/json2.js

  * It is in the public domain

• lib/underscore-1.4.4.js

  * Expat

• lib/store.js

  * Expat

• lib/jed.js

  * Some modifications made by reddit, as noted within the file
  * WTFPL
  * For those who are unaware of this license: http://www.wtfpl.net/txt/copying/
  * Do we need some legal advice here? What is the legal intepretation of "DO WHAT THE FUCK YOU WANT TO"?
  * if the license is crap and cannot be enforced, then the software is not free.
  * *Zak verified that the license is indeed free.*

• From adzerk section:

  * Infects browser and likely tracks user!

• base.js

  * The source file contains no license

• preload.js

  * The source file contains no license

• logging.js

  * The source file contains no license

• uibase.js

  * The source file contains no license

• i18n.js

  * The source file contains no license

• utils.js

  * The source file contains no license

• analytics.js

  * The source file contains no license

• jquery.reddit.js

  * The source file contains no license

• reddit.js

  * The source file contains no license

• spotlight.js

  * The source file contains no license

• adzerk

  * No mention of adzerk exists in the repository
  * Loads from:
     * az.turbobytes.net if https
     * otherwise static.adzerk.net
  * Creates an iframe that loads additional content:
        * In the case of non-https: http://static.adzerk.net/reddit/ads-load.html?bust2
           * Includes jQuery
           * Includes http://secure.adzerk.net/ados.js?q=43
              * No license; presumably proprietary.
     * http://static.adzerk.net/reddit/ads.html?sr=linux&bust2#http://www.reddit.com
  * Sets up messaging hooks for cross-origin communication
     * See https://developer.mozilla.org/en-US/docs/Web/API/Window.postMessage if unfamiliar
  * All the above also ends up in these being loaded:
     * http://engine.adzerk.net/ados?t=1389329534461&request={%22Placements%22:[{%22A%22:5146,%22S%22:24950,%22D%22:%22main%22,%22AT%22:5},{%22A%22:5146,%22S%22:24950,%22D%22:%22sponsorship%22,%22AT%22:8}],%22Keywords%22:%22linux%22,%22Referrer%22:%22http%3A%2F%2Fwww.reddit.com%2Fr%2Flinux%2Fcomments%2F1ubbz4%2Ffsf_ask_reddit_to_upvote_user_freedom_by_serving%2F%22,%22IsAsync%22:true,%22WriteResults%22:true}
     * http://static.adzrk.net/Extensions/adFeedback.js

1. reddit.en.js

Similar to above; ordered concatenation and subsequent minification:

• templates.js

  * The source file contains no license

• ui.js

  * The source file contains no license

• login.js

  * The source file contains no license

• flair.js

  * The source file contains no license

• interestbar.js

  * The source file contains no license

• visited.js

  * The source file contains no license

• wiki.js

  * The source file contains no license

• apps.js

  * The source file contains no license

• gold.js

  * The source file contains no license

• multi.js

   * The source file contains no license

• recommender.js

  * The source file contains no license

• JSON generated from r2/r2/lib/permissions.py

  * License irrelevant; it is data, but the Python file is under the Common Public Attribution License

• Unknown r.config.cursed; not in the repository!

  * The JavaScript is small and it looks like it's just intended to be a fun toy
     * It randomly positions elements that you mouse over, it looks like
     * But regardless, it's non-free JS

• Ends with a trivial line that does not appear to be in the repository

  * Simply adds an i18n message; code is 104 chars and would look no different if not minified

1. 1. Changes that would be good to make, but which are not necessary for the site's essential functions to work with LibreJS on

1. 1. Privacy Policy
2. policies.js

• Used on http://www.reddit.com/help/useragreement
• policies.js

  * The source file contains no license

1. jquery.js

• Used on https://ssl.reddit.com/prefs/
• Already includes this header (just need to make LibreJS-compatible): /*! jQuery v1.7.2 jquery.com | jquery.org/license */

1. ajax.googleapis.com/**/*.js

• We obviously cannot add license headers to these files

  * But we can encourage use of a separate page to describe licenses

1. 1. Blog
2. s.ytimg.com/yts/jsbin/*.js

• Used on blog.reddit.com
• www-embed-player.js

  * Proprietary YouTube JavaScript
  * Used for embedded video player
  * Perhaps they could use an HTML5 player instead, since YouTube serves  up HTML5-compatible content for many videos, but I don't know the  details
   

1. www.youtube.com/embed/*

• Used on blog.reddit.com- They can provide us with the source code, or commit it to the repository
• Various embed stuff for iframes; includes above JS
• Contains non-free JavaScript used as configuration for above YouTube include

  * That said, it's primarily data; it may be trivial

• Loads http://www.google.com/js/bg/J3oN4k55bATX3riG5_bT7XUBXDr4fHU0iSqBW5OwyBU.js

  * Some Google anti-spam thing
  * Proprietary JS

1. https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fwww.blogger.com#rpctoken=378573301&forcesecure=1

• Loads ssl.gstatic.com/accounts/o/1618667077-postmessagerelay.js

  * Proprietary JS

1. http://www.google-analytics.com/ga.js

• Proprietary JS

1. www.blogger.com/static/v1

• jsbin/3672639782-lbx.js

  * 582kB of proprietary JS

• widgets/3561504294-widgets.js

  * 85kB more proprietary JS

• Loads over half a dozen more smaller scripts from apis.google.com on top of that

1. https://apis.google.com/js/plusone.js

• Ah the notorious Google+ +1 button!

  * Known to track users

1. reddit.com

• static/button.js

  * Combined, minified file
  * lib/jquery.cookie.js
     * Dual Expat/GPL
  * jquery.reddit.js
     * The source file contains no license
  * blogbutton.js
     * The source file contains no license

1. 1. About
2. redditstatic.com

• about.js; concatenated, minified:

  * Custom modernizer configuration
     * See http://modernizr.com/download/
     * Does not exist in repository!
     * Expat license (http://modernizr.com/license)

• (minified blob)

  * Not in the repository!
  * Might be part of Modernizr; looks to modify the Date object for consistency
  * No license and might be proprietary

• (minified blobs)

  * Not in the repository!
  * Some trivial hooks and stuff, on top of what's listed below (which is non-trivial and extensive)
  * The following Backbone views/models:
     * SlideShowView
        * AboutSlideshowView
     * TimelineEvent
     * TimelineEventView
     * TimelineView
        * AboutTimelineView
     * GridView
        * PeopleGridView
     * AboutSlideshowView
     * TeamRouter
     * DropdownView
     * TeamMember
     * SortableCollection
     * PersonDetailsPopup
     * PersonView
     * Postcard
     * PostcardCollection
     * PostcardRouter
     * PostcardOverlayView
        * PostcardInfoView
        * PostcardRedditView
        * PostcardCloseView
     * PostcardZoomView
     * PostcardView
     * PostcardGridView
  * No license and is therefore proprietary